NetIQ Self Service Password Reset (SSPR) is a Web-based password management solution. It eliminates the users’ dependency on administrators to change their passwords. It reduces the workload of the helpdesk and in turn reduces the cost incurred by the company. Users can change their password and reset forgotten password based on the configured challenge-responses. SSPR also allows administrators to ensure that all passwords in the organization comply with the established policies. For detailed information about NetIQ Self Service Password Reset, visit the NetIQ Self Service Password Reset Documentation Web site.
SSPR 3.2 enhances the product capability and resolves several previous issues. Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable inputs. We hope you continue to help us ensure our products meet all your needs.
SSPR 3.2 provides the following features and enhancements:
You can now assign an Identity Manager (IDM) theme for the user Interface. For more information about configuring interface theme see, Configuring User Interface Settings
in the NetIQ® Self Service Password Reset 3.2 Administration Guide.
SSPR 3.2 includes several enhancements in Configuration Editor. For more information about Configuration Editor, see Working with Configuration Editor
in the NetIQ® Self Service Password Reset 3.2 Administration Guide. The new features are as following:
You can search for any setting by using live search (searching while typing) and the search result is displayed based on the characters included in the search criteria.
For each modified setting in Configuration Editor, you can view the modification details such as, when a setting was modified and who modified the setting.
You can use the arrow keys that are available next to the setting fields to change the precedence of any value of the setting that includes multiple values.
Icons are added to buttons in the user interface to represent function of each button.
You can define the URL fragments for any URL forwarding and also specify if you require SSPR in an inline frame for any application. You need to configure the following settings:
Redirect Whitelist: Specify the list of URL fragments. These URL fragments are allowed for URL forwarding. In an application you can provide a link to redirect the user to a particular webpage with the URL fragment that is defined in the whitelist.
Prevent HTML Framing (Advanced): If you select this option, SSPR is not included in the specified iFrame for the application. To include SSPR in an inline frame, de-select this option.
The following option is added to the Forgotten Password Recovery Mode setting:
Send new password and mark as expired: This option is required to send a random password to the user for temporary login and user is then prompted to change the random password during the login process.
You can define more search attributes for the users. When a user searches for any user details through People Search, they get information based on the settings that you define such as, the user’s photo, link to view hierarchy for the user and information for the users in the hierarchy list. In the People Search page, a user can search for any user by using wildcard search and live search (searching while typing).
Following are the new settings for the People Search module:
User Name Display: This setting is required if you want a specific attribute value to be used as the display name for the LDAP users in their respective LDAP directories.
LDAP Photo Attribute: This setting is required if you want to display the photo of the users along with the user information. The photo is uploaded from the LDAP directory.
Photo URL Override: This setting is required if you want to upload photos from any specific location. The photo is uploaded from the specified URL.
LDAP Photo HTML Style Attribute: This setting is required for the alignment, and for specifying the size of the photo.
Apart from the existing settings for the New User Registration module following are the settings that are included to improve the registration process for the LDAP users:
LDAP Entry ID Definition: This setting is required to control the entry id of the newly created LDAP entry. This setting provides you an option to include the entry name for the LDAP directory as per your requirement. For example, if you want the entry in the LDAP directory to display the user’s name you can specify @LDAP:givenName@
For more information about these settings and the existing settings, refer Enabling New User Registration
in the NetIQ® Self Service Password Reset 3.2 Administration Guide
Apart from the existing settings for the Helpdesk module following are the settings that are included
Viewable Status Fields: This setting is required to select the fields that should be available to the helpdesk operators to view the status of the required user.
Enable Delete User Button: This setting is required to allow helpdesk operator to delete the user account from the LDAP directory.
Helpdesk Profile Match: This setting is required to set the search filter and select the required LDAP Directory Profiles.
You can set multiple search filters for multiple domains for the settings that require LDAP query. If users in different domains require different access for a particular setting you can add multiple LDAP profile and set the LDAP search filter as per your requirement.
The following lists the issues resolved in this release:
Issue: Even when the regular expression pattern is defined in the Required Regular Expression Matches (Advanced) setting of Password Policy Profiles, SSPR displays error while generating random password. This issue occurs randomly.
Fix: With this release of SSPR, random passwords are generated based on the regular expression pattern that is configured for the passwords.
Issue: When users answer challenge questions, they receive a message to proceed but when they save the responses they are prompted to answer more challenge questions. This issue occurs when the value of the Minimum Random Challenges Required During Setup setting is less than the number of challenge questions that are populated for the users.
Fix: With this release of SSPR, the users are prompted to answer the same number of challenge questions that is defined in the Minimum Random Challenges Required During Setup setting.
Issue: When you change the password policy in Oracle DS, SSPR does not detect the change.
Fix: With this release of SSPR, when the password policy is changed in Oracle DS, SSPR updates Password Policy Profiles with those changes.
Issue: When you enable the Password Min Age setting in Oracle DS, SSPR does not allow users to change their password.
Fix: With this release of SSPR, if the Password Min Age setting is enabled in Oracle DS, users are allowed to change the password after they exceed the time defined in the setting.
For detailed information about hardware and software requirements, see Installation Requirements
in the NetIQ® Self Service Password Reset 3.2 Administration Guide.
SSPR is available for download in the following two formats:
(Recommended for new installation) SSPR_3.2_installer.EXE: An executable file that contains SSPR Web archive and tools.
SSPR_3.2.ZIP: A compressed zip file that contains SSPR Web archive and tools
For more information about how to install SSPR, see Installing SSPR
in the NetIQ® Self Service Password Reset 3.2 Administration Guide.
For information about how to upgrade SSPR, see Upgrading SSPR
in the NetIQ® Self Service Password Reset 3.2 Administration Guide.
NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issue is currently being researched. If you need further assistance with any issue, please contact Technical Support.
Issue: In an Active Directory or an Oracle Directory group policy if you have defined the minimum password age for a user then, new user registration fails.
Workaround: To workaround this issue, the SSPRConfiguration file must include the following properties tag:
<properties type="app"> <property key="newUser.ldap.useTempPassword">false</property></properties>
The SSPRconfiguration file is available at the WEB-INF folder. By default the location of the SSPRConfiguration file is C:\Program Files (x86)\NetIQ Self Service Password Reset\apache-tomcat-7.0.50\webapps\sspr\WEB-INF.
Issue: When you select User cannot change password in the Active Directory settings page, a user is restricted to change password. But when the user attempts to change the password by using the Forgotten password link, SSPR allows the user to change the password instead of restricting the user.
Workaround: When you restrict a user from changing the password, you must ensure that you disable the Use Proxy When Password Forgotten setting from the Active Directory template by using configuration editor.
Issue: When a user starts the password change process by clicking Forgotten password, a random password is generated and if the user cancels the process without completing it then, user cannot use the old password. This happens because SSPR recognizes the random password is generated when the user clicks on Forgotten password.
Workaround: Perform the following for different directories:
For Active Directory, you can enable the Use Proxy When Password Forgotten setting from the Configuration Editor.
For eDirectory, you require to enable the Allow admin to retrieve passwords option from the eDirectory settings page.
For Oracle Directory Server, the user needs to complete the forgotten password process and then use the new password to login.
Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.
For detailed contact information, see the Support Contact Information Web site.
For general corporate and product information, see the NetIQ Corporate Web site.
THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE AGREEMENT OR A NON-DISCLOSURE AGREEMENT. EXCEPT AS EXPRESSLY SET FORTH IN SUCH LICENSE AGREEMENT OR NON-DISCLOSURE AGREEMENT, NETIQ CORPORATION PROVIDES THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SOME STATES DO NOT ALLOW DISCLAIMERS OF EXPRESS OR IMPLIED WARRANTIES IN CERTAIN TRANSACTIONS; THEREFORE, THIS STATEMENT MAY NOT APPLY TO YOU.
For purposes of clarity, any module, adapter or other similar material ("Module") is licensed under the terms and conditions of the End User License Agreement for the applicable version of the NetIQ product or software to which it relates or interoperates with, and by accessing, copying or using a Module you agree to be bound by such terms. If you do not agree to the terms of the End User License Agreement you are not authorized to use, access or copy a Module and you must destroy all copies of the Module and contact NetIQ for further instructions.
This document and the software described in this document may not be lent, sold, or given away without the prior written permission of NetIQ Corporation, except as otherwise permitted by law. Except as expressly set forth in such license agreement or non-disclosure agreement, no part of this document or the software described in this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, or otherwise, without the prior written consent of NetIQ Corporation. Some companies, names, and data in this document are used for illustration purposes and may not represent real companies, individuals, or data.
This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time.
U.S. Government Restricted Rights: If the software and documentation are being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor (at any tier), in accordance with 48 C.F.R. 227.7202-4 (for Department of Defense (DOD) acquisitions) and 48 C.F.R. 2.101 and 12.212 (for non-DOD acquisitions), the government’s rights in the software and documentation, including its rights to use, modify, reproduce, release, perform, display or disclose the software or documentation, will be subject in all respects to the commercial license rights and restrictions provided in the license agreement.
© 2014 NetIQ Corporation. All Rights Reserved.
For information about NetIQ trademarks, see https://www.netiq.com/company/legal/.